POST /api/auth/login
Authenticates a user with email and password, returning JWT access and refresh tokens. The user’s email must be verified before they can log in.
Request body
email - User’s registered email address
Response
success - Indicates if the login was successful
message - Human-readable response message
data - Authentication data containing user information and tokens
data.user - Authenticated user information (sanitized)
data.user.role - User role: student, faculty, or store_employee
data.user.is_email_verified - Email verification status
data.user.register_number - Student registration number (if applicable)
data.user.employee_id - Employee ID (if applicable)
data.user.phone_number - Phone number (if applicable)
data.accessToken - JWT access token for authenticated requests. Default expiration: 1 hour
data.refreshToken - JWT refresh token for obtaining new access tokens. Default expiration: 7 days
Status codes
200 - Login successful, tokens provided
401 - Invalid email or password
403 - Email not verified
500 - Internal server error
The access token should be included in the Authorization header as Bearer <token> for subsequent authenticated requests.
Store the refresh token securely (e.g., httpOnly cookie or secure storage). Use it to obtain new access tokens when they expire.
Examples
curl -X POST https://api.campusbite.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123"
  }'
Success response (200)
{
  "success": true,
  "message": "Login successful.",
  "data": {
    "user": {
      "_id": "507f1f77bcf86cd799439011",
      "name": "John Doe",
      "email": "[email protected]",
      "role": "student",
      "register_number": "2021CS001",
      "employee_id": null,
      "phone_number": null,
      "is_email_verified": true,
      "created_at": "2024-01-15T10:30:00.000Z",
      "updated_at": "2024-01-15T10:30:00.000Z"
    },
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}
Error response (401)
{
  "success": false,
  "message": "Invalid email or password."
}
Error response (403)
{
  "success": false,
  "message": "Please verify your email before logging in."
}
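Client-side handling of the responses documented above, added here as an example and not taken from the CampusBite code base: it maps the status codes to outcomes, keeps both tokens out of serialized logs, and decides when the access token needs refreshing. The function names, the 30-second skew, and the presence of an `exp` claim in the access token are assumptions; the sample token is constructed and unsigned.

```javascript
// Added example; all function names here are hypothetical, not the API's own.
const DEFAULT_ACCESS_TTL_S = 3600; // documented default: access token lasts 1 hour

// Constructed, unsigned sample token for offline runs (not a real credential).
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Read `exp` WITHOUT verifying the signature: a scheduling hint only, the
// server stays the authority on validity. Assumes the token carries `exp`.
function readExp(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const claims = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    return Number.isInteger(claims.exp) ? claims.exp : null;
  } catch {
    return null;
  }
}

// Map HTTP status + parsed JSON body to a client outcome.
function handleLogin(status, body, nowS = Math.floor(Date.now() / 1000)) {
  if (status === 401) return { ok: false, reason: "bad_credentials" };
  if (status === 403) return { ok: false, reason: "email_unverified" };
  if (status !== 200 || !body || body.success !== true)
    return { ok: false, reason: "server_error" };
  const { accessToken, refreshToken, user } = body.data || {};
  if (typeof accessToken !== "string" || typeof refreshToken !== "string")
    return { ok: false, reason: "malformed_response" };
  return {
    ok: true, user, accessToken, refreshToken,
    expiresAt: readExp(accessToken) ?? nowS + DEFAULT_ACCESS_TTL_S,
    // JSON.stringify(session) in a logger will not leak either token.
    toJSON() { return { ok: true, user: this.user, expiresAt: this.expiresAt }; },
  };
}

// Bearer header for an authenticated request, or null when the access token
// is (nearly) expired and the caller should use the refresh token first.
function authHeader(session, nowS = Math.floor(Date.now() / 1000), skewS = 30) {
  if (!session.ok || nowS >= session.expiresAt - skewS) return null;
  return { Authorization: `Bearer ${session.accessToken}` };
}
```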